[nsp-sec] DNS and SNMP Reflection Attack Hosts

Krista Hickey Krista.Hickey at cogeco.com
Mon Jun 24 01:25:02 EDT 2013


[Apologies if this is a duplicate for you]

File 622894 contains ~45K DNS resolvers observed attacking a host June 19, 2013 (peak approx 1.5Gbps)

File 3952583 contains ~28K SNMP resolvers observed attacking a different host June 21, 2013 (peak approx 1Gbps)

I was also working on an unrelated DNS reflection attack our hosts were participating in, and in addition to the usual isc.org queries I observed nukes.directedat.asia queries. I don't have many details on it at the moment, but I think it speaks for itself and returns a fairly large record, so perhaps someone from AS21928 T-Mobile may be interested. I also found someone with thoughts on directedat.asia and some other suspect domains at http://dnsamplificationattacks.blogspot.nl/2013/06/domain-mydnsscanus.html which may be of interest.

As before, details are in the file. Distribute as required for mitigation, but no attribution please, and if not necessary please strip the target as well.

Thanks
Krista
7992
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 622894
Type: application/octet-stream
Size: 5193111 bytes
Desc: 622894
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20130624/9a169645/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 3952583
Type: application/octet-stream
Size: 3282466 bytes
Desc: 3952583
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20130624/9a169645/attachment-0003.obj>

